I've started to get my feet wet with web apps, and I'm trying to make sense of the output that xss-me add-on in firefox gives you when you run a test on a given page, I've been testing the demo.testfire.net ( altoro mutual )..login page, which test for numerous xss vulnerabilities, but the ones in red are showing what appears to be the script tested, it doesn't seem to work when you inserted in the login form....I don't think that's the actual xss script, but the form in which the script would be inserted....could someone give me a hand interpreting this output?